Over the past few years, phishing attacks targeting iPhone users have become increasingly more sophisticated. Indeed, the never-ending battle between end-users and phishers has become something of a cat-and-mouse game: as end-users become more vigilant in detecting spam, cyber criminals step up their game and start sending out even more convincing emails and messages designed to trick unsuspecting users into handing over sensitive data.
Of course, there are still some low-rent phishing efforts going around these days.
According to a popular post on the iPhone subx
reddit, it appears that some iPhone users are receiving random text messages alerting them that their Apple ID has been temporarily disabled. The message goes on to state that users can “prevent this” and presumably restore access to their iCloud account by visiting an embedded link. Once clicked, the link whisks users to a page where they can enter in their credit card information.
The message going around is embedded below, and clearly, the spelling mistake here should alert folks that this message is far from genuine. Still, we wanted to highlight the latest attack going around just in case some unwitting users happen to receive such a message and lazily click on the link.
The gist of the message is similar in nature to a phishing attempt that was going around last year in the UK. There, users were told that their Apple ID was set to expire and that they could prevent termination by clicking on a link that brought them to a page that ostensibly looked like an authentic page from Apple’s website.
We haven’t clicked on the URL from the more recent Apple ID phishing attempt, but the spoofed page from Apple below (via Graham Cluley) illustrates just how believable some fraudulent websites are designed to look.